name: Gitea Branch PR & Docker Deployment on: workflow_dispatch: push: branches-ignore: - "main" paths: - "docker-compose.misc.yml" - "compose/docker-compose*.yml" - "**/pr-docker-deploy.yml" env: HC_VAULT_VERSION: "1.20.0" TEA_VERSION: "0.10.1" jobs: check-and-create-pr: if: github.ref != 'refs/heads/main' name: Check and Create PR runs-on: ubuntu-latest steps: - name: Checkout Code uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 - name: Cache tea CLI id: cache-tea uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64 key: tea-${{ runner.os }}-${{ env.TEA_VERSION }} - name: Install tea uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1 with: uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64 name: tea version: ${{ env.TEA_VERSION }} - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: PR Check" notification_message: "Checking for existing PR... 🔍" - name: Check if open PR exists id: check-opened-pr-step continue-on-error: true run: | tea login add --name gitea-rinoa --url "${{ secrets.TREZ_GITEA_URL }}" --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} pr_exists=$(tea pr list --repo ${{ github.repository }} --state open --fields index,title,head | egrep '\[DOCKER\].*${{ github.ref_name }}' | tail -1 | wc -l) echo "exists=$pr_exists" >> $GITHUB_OUTPUT - name: Create PR if: ${{ steps.check-opened-pr-step.outputs.exists == '0' }} run: | tea login default gitea-rinoa pr_index_old=$(tea pr ls --repo ${{ github.repository }} --state all --fields index,title,head --output csv | sed -e 's|"||g' | egrep '^[0-9]' | head -1 | awk -F"," '{print $1}') pr_index_new=$(expr ${pr_index_old} + 1) tea pr c -r ${{ github.repository }} -t "[DOCKER] Automated PR for ${{ github.ref_name }} - #${pr_index_new}" -d "Automatically created PR for branch: ${{ github.ref_name }}" -a ${{ github.actor }} -L "Docker Compose" - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: PR Check" notification_message: "PR Created 🎟️" generate-service-list: name: Generate list of added/modified/deleted services runs-on: ubuntu-latest needs: [check-and-create-pr] outputs: svc_deploy_list: ${{ steps.detect_services.outputs.docker_svc_list }} steps: - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Fetch base branch run: | git fetch origin ${{ github.event.pull_request.base.ref }} - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: Services TBD" notification_message: "Generating list of services to deploy..." - name: Detect added, deleted, and modified services id: detect_services run: | echo "Getting services from main and ${{ github.ref_name }}" # Dynamically find all docker-compose YAML files (root + compose folder) COMPOSE_FILES=($(find . -maxdepth 2 -type f -name 'docker-compose*.yml' | sort)) echo "Found Compose files:" printf '%s\n' "${COMPOSE_FILES[@]}" # Temp files to store all services touch services_main_all.txt services_head_all.txt for f in "${COMPOSE_FILES[@]}"; do echo "Processing $f" # Create a safe filename by replacing slashes with underscores safe_f=$(echo "$f" | sed 's|[./]|_|g') # Fetch main version git show origin/main:"$f" > "main_${safe_f}" 2>/dev/null || touch "main_${safe_f}" cp "$f" "head_${safe_f}" # Extract services and append to global list yq '.services | keys | .[]' "main_${safe_f}" >> services_main_all.txt 2>/dev/null || true yq '.services | keys | .[]' "head_${safe_f}" >> services_head_all.txt 2>/dev/null || true done # Sort and deduplicate sort -u services_main_all.txt -o services_main_all.txt sort -u services_head_all.txt -o services_head_all.txt echo "Creating list of modified services..." touch service_changes.txt # Added services comm -13 services_main_all.txt services_head_all.txt | while read service; do echo "$service: added" >> service_changes.txt done # Modified services (parallelized) comm -12 services_main_all.txt services_head_all.txt | xargs -n1 -P4 -I{} bash -c ' service="{}" modified=0 for f in "${COMPOSE_FILES[@]}"; do safe_f=$(echo "$f" | sed "s|[./]|_|g") yq ".services[\"$service\"]" "main_${safe_f}" > tmp_main.yml 2>/dev/null || continue yq ".services[\"$service\"]" "head_${safe_f}" > tmp_head.yml 2>/dev/null || continue if ! diff -q tmp_main.yml tmp_head.yml > /dev/null; then modified=1 break fi done if [[ $modified -eq 1 ]]; then echo "$service: modified" >> service_changes.txt fi ' echo "Detected service changes:" cat service_changes.txt if [[ -z $(cat service_changes.txt) ]]; then echo "watchtower" > service_changes.txt echo "Placeholder:" cat service_changes.txt fi mod_svcs=$(cut -d':' -f1 service_changes.txt | sort | uniq | tr '\n' ' ' | sed 's/ *$//') echo "docker_svc_list<> "$GITHUB_OUTPUT" echo "$mod_svcs" >> "$GITHUB_OUTPUT" echo "EOF" >> "$GITHUB_OUTPUT" - name: List of Services for (Re)Deployment run: | echo -e "${{ steps.detect_services.outputs.docker_svc_list }}" docker-compose-dry-run: name: Docker Compose Dry Run needs: [generate-service-list] runs-on: ubuntu-latest outputs: compose_file_list: ${{ steps.compose_file_list.outputs.compose_list }} env: VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} VAULT_NAMESPACE: "" REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} DOCKER_SVC_LIST: ${{ needs.generate-service-list.outputs.svc_deploy_list }} steps: - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # - name: Login to Gitea Container Registry # run: | # docker login -u gitea-sonarqube-bot -p ${REGISTRY_PASSWORD} git.trez.wtf - name: Login to Docker Hub uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} password: ${{ secrets.GHCR_LOGIN_TOKEN }} - name: Login to Private Gitea Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: git.trez.wtf username: ${{ secrets.BOT_GITEA_USER }} password: ${{ secrets.BOT_GITEA_PASSWORD }} - name: Cache Vault install id: cache-vault uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64 key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }} - name: Install Vault (only if not cached) if: steps.cache-vault.outputs.cache-hit != 'true' uses: cpanato/vault-installer@main with: version: ${{ env.HC_VAULT_VERSION }} - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: Docker Compose Dry Run @ Benedikta" notification_message: "Starting Docker Compose dry run..." - name: Generate .env file for Docker Compose run: | vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env - name: Get list of Compose files id: compose_file_list run: | compose_list=$(find . -type f -name "docker-compose*.yml" \ -a ! -name "*windows*" \ -a ! -name "*gui*" \ -a ! -name "*macos*" \ -a ! -name "*hivemind*" \ -a ! -name "*server*" \ | sed -e ':a;N;$!ba;s/[\r\n]/ /g') echo "compose_list=$compose_list" >> "$GITHUB_OUTPUT" echo "Compose files: $compose_list" - name: Docker Compose Dry Run uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0 with: mode: compose file: ${{ steps.compose_file_list.outputs.compose_list }} name: "ovosmisc" host: 192.168.1.250 user: ovos ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }} args: --remove-orphans --dry-run ${{ needs.generate-service-list.outputs.svc_deploy_list }} env_file: ".env" registry_host: "docker.io" registry_user: ${{ secrets.DOCKERHUB_USER }} registry_pass: ${{ secrets.DOCKERHUB_PASSWORD }} summary: true - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: Docker Compose Dry Run @ Benedikta" notification_message: "Docker Compose dry run completed successfully." pr-merge: name: PR Merge needs: [generate-service-list, docker-compose-dry-run] runs-on: ubuntu-latest steps: - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 - name: Cache tea CLI id: cache-tea uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /opt/hostedtoolcache/tea/${{ env.TEA_VERSION }}/x64 key: tea-${{ runner.os }}-${{ env.TEA_VERSION }} - name: Install tea uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1 with: uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64 name: tea version: ${{ env.TEA_VERSION }} - name: PR Merge id: pr_merge run: | tea login add --name gitea-rinoa --url ${{ secrets.TREZ_GITEA_URL }} --user gitea-sonarqube-bot --password "${{ secrets.BOT_GITEA_PASSWORD }}" --token ${{ secrets.BOT_GITEA_TOKEN }} tea login default gitea-rinoa echo "Merging PR..." pr_index=$(tea pr ls --repo ${{ github.repository }} --state open --fields index,title,head,state --output csv | egrep ${{ github.ref_name }} | awk -F"," '{print $1}' | sed -e 's|"||g') tea pr m --repo ${{ github.repository }} --title "Auto Merge of PR ${pr_index} - ${{ github.ref_name }}" --message "Merged by ${{ github.actor }}" ${pr_index} echo "pr_index=${pr_index}" >> $GITHUB_OUTPUT - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: PR Merge Successful" notification_message: "PR #${{ steps.pr_merge.outputs.pr_index }} merged." docker-compose-deploy: name: Docker Compose Deployment runs-on: ubuntu-latest needs: [generate-service-list, docker-compose-dry-run, pr-merge] env: VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }} VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }} REGISTRY_PASSWORD: ${{ secrets.BOT_GITEA_PASSWORD }} steps: - name: Checkout uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: ref: main - name: Cache Vault install id: cache-vault uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 with: path: /opt/hostedtoolcache/vault/${{ env.HC_VAULT_VERSION }}/x64 key: vault-${{ runner.os }}-${{ env.HC_VAULT_VERSION }} - name: Install Vault (only if not cached) if: steps.cache-vault.outputs.cache-hit != 'true' uses: cpanato/vault-installer@main with: version: ${{ env.HC_VAULT_VERSION }} - name: Login to Docker Hub uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} password: ${{ secrets.GHCR_LOGIN_TOKEN }} - name: Login to Private Gitea Registry uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: git.trez.wtf username: ${{ secrets.BOT_GITEA_USER }} password: ${{ secrets.BOT_GITEA_PASSWORD }} - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: Docker Compose Deployment @ Benedikta" notification_message: "Starting Docker Compose run..." - name: Generate .env file for deployment run: | vault kv get -format=json benedikta-docker/env | jq -r '.data.data' | jq -r 'keys[] as $k | "\($k)='\''\(.[$k])'\''"' > .env echo ${DOCKER_SVC_LIST} echo ${COMPOSE_FILE_LIST} - name: Docker Compose Deployment uses: cssnr/stack-deploy-action@d58b92bcd776afc57ef12f55bafff71200fd218e # v1.4.0 with: mode: compose file: ${{ needs.docker-compose-dry-run.outputs.compose_file_list }} name: "ovosmisc" host: 192.168.1.250 user: ovos ssh_key: ${{ secrets.RUNNER_SSH_PRIVATE_KEY }} args: --remove-orphans ${{ needs.generate-service-list.outputs.svc_deploy_list }} env_file: ".env" summary: true - name: Gotify Notification uses: eikendev/gotify-action@master with: gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}" gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}" notification_title: "GITEA: Docker Compose Deployment @ Benedikta" notification_message: "Deployment completed successfully."